Posted to users@httpd.apache.org by Dan Poirier <po...@pobox.com> on 2008/11/10 21:55:17 UTC

[users@httpd] Re: HTTPS connexion on the port 80

David BERCOT <de...@bercot.org> writes:

> On Mon, 10 Nov 2008 06:59:54 -0500,
> "Eric Covener" <co...@gmail.com> wrote:
>> On Mon, Nov 10, 2008 at 2:03 AM, David BERCOT <de...@bercot.org>
>> wrote:
>> 
>> > Yes, but no ;-)
>> > I want https traffic on port 80, not 443 !!!
>> 
>> You can't do that, because the client needs to know whether to speak
>> http or https as soon as they send any data, and apache won't just try
>> to interpret it either way.
>
> But the client knows what to speak because I tell him :
> httpS://site3.mondomaine:80/

Apache needs to know too.  It can't see the Host passed from the client
until it has already started reading the request, which it can't do
until it has done an SSL handshake.  How would it know whether to do
that or not, if port 80 is getting both SSL and non-SSL connections?

-- 
Dan Poirier <po...@pobox.com>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
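
Added example, not part of the original thread and not Apache's code: a Python example of what a listener on a single port sees first from each kind of client. The plain request exposes its Host header immediately, while the https client opens with a TLS ClientHello and no HTTP request at all, so choosing a vhost by Host comes too late to decide whether to start a handshake. The function names and the sample request are constructed for illustration.

```python
import ssl

HOST = "site2.mondomaine.org"  # vhost name taken from the thread
HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS")

def first_flight_tls(hostname):
    """Bytes an https:// client sends first (its ClientHello), built offline."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # The name passed here is used for certificate checks and SNI; it is
    # never sent as an HTTP Host header at this stage.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for the server's reply
    return outgoing.read()

def first_flight_http(hostname):
    """Bytes an http:// client sends first (constructed sample request)."""
    return f"GET / HTTP/1.1\r\nHost: {hostname}\r\n\r\n".encode("ascii")

def classify(first_bytes):
    """What a listener can tell from the opening bytes alone."""
    # TLS record: type 0x16 (handshake), version major 0x03, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if len(first_bytes) >= 6 and first_bytes[0] == 0x16 \
            and first_bytes[1] == 0x03 and first_bytes[5] == 0x01:
        return "tls-client-hello"
    if first_bytes.split(b" ", 1)[0] in HTTP_METHODS:
        return "plain-http"
    return "unknown"

def host_header(first_bytes):
    """Host header if it is readable in plaintext, else None."""
    if classify(first_bytes) != "plain-http":
        return None
    for line in first_bytes.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii")
    return None

if __name__ == "__main__":
    for label, data in (("http", first_flight_http(HOST)),
                        ("https", first_flight_tls(HOST))):
        print(label, classify(data), host_header(data), data[:6].hex())
```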


Re: [users@httpd] Re: HTTPS connexion on the port 80

Posted by Eric Covener <co...@gmail.com>.
On Mon, Nov 10, 2008 at 5:00 PM, David BERCOT <de...@bercot.org> wrote:
> On Mon, 10 Nov 2008 15:55:17 -0500,
> Dan Poirier <po...@pobox.com> wrote:
>> David BERCOT <de...@bercot.org> writes:
>> > On Mon, 10 Nov 2008 06:59:54 -0500,
>> > "Eric Covener" <co...@gmail.com> wrote:
>> >> On Mon, Nov 10, 2008 at 2:03 AM, David BERCOT <de...@bercot.org>
>> >> wrote:
>> >>
>> >> > Yes, but no ;-)
>> >> > I want https traffic on port 80, not 443 !!!
>> >>
>> >> You can't do that, because the client needs to know whether to
>> >> speak http or https as soon as they send any data, and apache
>> >> won't just try to interpret it either way.
>> >
>> > But the client knows what to speak because I tell him :
>> > httpS://site3.mondomaine:80/
>>
>> Apache needs to know too.  It can't see the Host passed from the
>> client until it has already started reading the request, which it
>> can't do until it has done an SSL handshake.  How would it know
>> whether to do that or not, if port 80 is getting both SSL and non-SSL
>> connections?
>
> Maybe my knowledge of Apache configuration is not good, but there are
> specific directives for SSL :
>
> HTTP site :
> <VirtualHost *:80>
>        ServerName site1.mondomaine.org
>        DocumentRoot /site1
> </VirtualHost>
>
> HTTPS site :
> <VirtualHost *:80>
>        ServerName site2.mondomaine.org
>        DocumentRoot /site2
>        SSLEngine on
>        SSLCertificateFile /ssl/site2.cert
>        SSLCertificateKeyFile /ssl/site2.key
> </VirtualHost>
>
> I think that Apache knows that site1 is only HTTP and site2 is HTTPS.
> Isn't it OK ?

No, Apache has no chance to choose the 2nd vhost in time to be able to
do an SSL handshake.


-- 
Eric Covener
covener@gmail.com



Re: [users@httpd] Re: HTTPS connexion on the port 80

Posted by David BERCOT <de...@bercot.org>.
On Mon, 10 Nov 2008 15:55:17 -0500,
Dan Poirier <po...@pobox.com> wrote:
> David BERCOT <de...@bercot.org> writes:
> > On Mon, 10 Nov 2008 06:59:54 -0500,
> > "Eric Covener" <co...@gmail.com> wrote:
> >> On Mon, Nov 10, 2008 at 2:03 AM, David BERCOT <de...@bercot.org>
> >> wrote:
> >> 
> >> > Yes, but no ;-)
> >> > I want https traffic on port 80, not 443 !!!
> >> 
> >> You can't do that, because the client needs to know whether to
> >> speak http or https as soon as they send any data, and apache
> >> won't just try to interpret it either way.
> >
> > But the client knows what to speak because I tell him :
> > httpS://site3.mondomaine:80/
> 
> Apache needs to know too.  It can't see the Host passed from the
> client until it has already started reading the request, which it
> can't do until it has done an SSL handshake.  How would it know
> whether to do that or not, if port 80 is getting both SSL and non-SSL
> connections?

Maybe my knowledge of Apache configuration is not good, but there are
specific directives for SSL :

HTTP site :
<VirtualHost *:80>
	ServerName site1.mondomaine.org
	DocumentRoot /site1
</VirtualHost>

HTTPS site : 
<VirtualHost *:80>
	ServerName site2.mondomaine.org
	DocumentRoot /site2
	SSLEngine on
	SSLCertificateFile /ssl/site2.cert
	SSLCertificateKeyFile /ssl/site2.key
</VirtualHost>

I think that Apache knows that site1 is only HTTP and site2 is HTTPS.
Isn't it OK ?

David.

